With the rise of mercenary spyware and other targeted threats, tech giants like Apple, Google, and Microsoft have spent the past few years trying to figure out how to protect the digital lives of their most at-risk, vulnerable users around the world. On mobile, the launch of Apple's iOS Lockdown Mode in 2022 was one concerted effort to shed nonessential functionality in favor of maximum security—a tradeoff most users wouldn't want to make, but that could be very worth it for a public figure, activist, journalist, or dissident living under regular scrutiny and threat of attack. For years, Google has offered a program for a similar demographic called “Advanced Protection” that focuses on adding additional layers of monitoring and security to vulnerable users' Google accounts, a core piece of many people's digital lives that could be devastating if compromised. Now, Google is extending Advanced Protection with a suite of features for Android 16.
On Tuesday, the company announced an Advanced Protection mode for phones running the new version of Android. At its core, the mode is designed around imposing strong security settings on all apps and services to silo data as much as possible and reduce interactions with unsecured web services and previously unknown, untrusted individuals. Advanced Protection on Android is meant to be as usable and flexible as possible, though, leaning on Google's rapidly expanding on-device AI scanning capabilities to provide monitoring and alerts without having to completely eliminate features. Still, the mode imposes restrictions that can't be turned off, like blocking phones from connecting to historical 2G data networks and disabling Chrome's JavaScript optimizer, which could alter or break some web functionality on some sites.
“There are two classes of things that we use to protect the user. One is you obviously harden the system, so you try to lock things down, you prevent many forms of attacks,” says Dave Kleidermacher, vice president of engineering at Android’s security and privacy division. “But two is you can't always prevent every attack entirely. But if you can detect that you've been compromised you can take some kind of corrective action. In user security on mobile this detection has never really been a possibility, so that's one of the big things we've done here.”
This monitoring and detection capability, known as “Intrusion Logging,” uses end-to-end encryption to indelibly store logs from your device in the cloud such that they can't be accessed by Google or any party aside from you, but also in a form that can't be deleted or modified, even if your device and Google account are compromised.
Logging and system monitoring tools are common on laptops and desktops—not to mention in enterprise IT environments—but offering the capabilities for consumers on mobile devices is more unusual. As with any system that takes data off a device and puts it in the cloud, the system does introduce some new risks, but Google and Google Cloud Services already run many end-to-end encrypted platforms for users, and Kleidermacher notes that the ability to create indelible logs that can't be manipulated or deleted by a sophisticated attacker is invaluable in addressing targeted attacks.
“The main innovation here is you have an audit log mechanism to detect compromise that is actually resistant to device tampering,” he says. “It's bringing intrusion detection to the consumer. So if you as a user suspect a problem and you're not sure, you can pull the logs down from the cloud. You can share them with a security expert, you can share them with an NGO, and they can use tools for analysis.”
Another feature that is on by default and can't be turned off in Advanced Protection is Android's Memory Tagging Extension (MTE). The feature, which debuted for Google's Pixel line and is starting to be adopted in processors on other devices, is a hardware security protection related to how a system manages its memory. If an attacker attempts to exploit a memory vulnerability like a so-called “buffer overflow,” MTE will cause the process to fail, stopping the attack in its tracks. Memory corruption bugs are a common tool used by hackers, so neutering the entire class of vulnerabilities makes it much more difficult to attack a device.
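
A simplified software model of the tag check described above, added here as an illustration; it is not Android or Arm code. The toy heap and the names `model_alloc`, `model_store` and `model_copy` are assumptions made for the example, while the 16-byte granule and 4-bit tag carried in the pointer's top byte match Arm MTE.

```c
/* Added example: software model of MTE-style tag checking (not real MTE). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE   16u   /* MTE tags memory in 16-byte granules */
#define HEAP_SIZE 256u  /* toy heap size (assumption) */
#define TAG_SHIFT 56    /* 4-bit tag lives in pointer bits 59:56 */

static uint8_t heap[HEAP_SIZE];
static uint8_t tags[HEAP_SIZE / GRANULE]; /* one tag per granule, 0 = unallocated */
static size_t  next_off = 0;
static uint8_t next_tag = 1;

/* Hypothetical allocator: returns offset | (tag << 56), or 0 when full. */
uint64_t model_alloc(size_t n) {
    size_t granules = (n + GRANULE - 1) / GRANULE;
    if (next_off + granules * GRANULE > HEAP_SIZE) return 0;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1); /* cycle 1..15 so neighbours differ */
    for (size_t g = 0; g < granules; g++) tags[next_off / GRANULE + g] = tag;
    uint64_t p = (uint64_t)next_off | ((uint64_t)tag << TAG_SHIFT);
    next_off += granules * GRANULE;
    return p;
}

/* Checked store: 0 on success, -1 on tag mismatch (hardware would fault). */
int model_store(uint64_t p, size_t idx, uint8_t v) {
    uint8_t ptr_tag = (uint8_t)(p >> TAG_SHIFT) & 0xF;
    size_t addr = (size_t)(p & 0xFFFFFFFFFFFFFFull) + idx;
    if (addr >= HEAP_SIZE || tags[addr / GRANULE] != ptr_tag) return -1;
    heap[addr] = v;
    return 0;
}

/* Linear overflow attempt: returns how many bytes landed before the check failed. */
size_t model_copy(uint64_t p, const uint8_t *src, size_t len) {
    size_t i;
    for (i = 0; i < len; i++)
        if (model_store(p, i, src[i]) != 0) break;
    return i;
}

int main(void) {
    uint64_t a = model_alloc(16), b = model_alloc(16); /* adjacent buffers */
    uint8_t payload[32] = {0};                         /* constructed input */
    size_t written = model_copy(a, payload, sizeof payload);
    printf("wrote %zu of 32 bytes; neighbour at offset %llu untouched\n",
           written, (unsigned long long)(b & 0xFF));
    return 0;
}
```

Because tags cover whole 16-byte granules, a write that runs past a 10-byte allocation but stays inside its granule still passes the check in this model; the mismatch only appears once the access crosses into a differently tagged granule.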